aiotestking uk

SY0-401 Exam Questions - Online Test


SY0-401 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which of the following solutions provides the most flexibility when testing new security controls prior to implementation? 

A. Trusted OS 

B. Host software baselining 

C. OS hardening 

D. Virtualization 

Answer:

Explanation: 

Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation. 

Q2. Which of the following security architecture elements also has sniffer functionality? (Select TWO). 

A. HSM 

B. IPS 

C. SSL accelerator 

D. WAP 

E. IDS 

Answer: B,E 

Explanation: 

Sniffer functionality means the ability to capture and analyze the content of data packets as they 

are transmitted across the network. 

IDS and IPS systems perform their functions by capturing and analyzing the content of data 

packets. 

An intrusion detection system (IDS) is a device or software application that monitors network or 

system activities for malicious activities or policy violations and produces reports to a management 

station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in 

different ways. There are network based (NIDS) and host based (HIDS) intrusion detection 

systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor 

expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily 

focused on identifying possible incidents, logging information about them, and reporting attempts. 

In addition, organizations use IDPSes for other purposes, such as identifying problems with 

security policies, documenting existing threats and deterring individuals from violating security 

policies. IDPSes have become a necessary addition to the security infrastructure of nearly every 

organization. 

IDPSes typically record information related to observed events, notify security administrators of 

important observed events and produce reports. Many IDPSes can also respond to a detected 

threat by attempting to prevent it from succeeding. They use several response techniques, which 

involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a 

firewall) or changing the attack's content. 

Q3. An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement? 

A. Implement IIS hardening by restricting service accounts. 

B. Implement database hardening by applying vendor guidelines. 

C. Implement perimeter firewall rules to restrict access. 

D. Implement OS hardening by applying GPOs. 

Answer:

Explanation: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. This can be implemented using the native security features of an operating system, such as Group Policy Objects (GPOs). 

Q4. Which of the following is a best practice when a mistake is made during a forensics examination? 

A. The examiner should verify the tools before, during, and after an examination. 

B. The examiner should attempt to hide the mistake during cross-examination. 

C. The examiner should document the mistake and workaround the problem. 

D. The examiner should disclose the mistake and assess another area of the disc. 

Answer:

Explanation: 

Every step in an incident response should be documented, including every action taken by end users and the incident-response team. 

Q5. A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files? 

A. Integrity 

B. Confidentiality 

C. Steganography 

D. Availability 

Answer:

Explanation: 

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message. 

Q6. An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO). 

A. Length of password 

B. Password history 

C. Minimum password age 

D. Password expiration 

E. Password complexity 

F. Non-dictionary words 

Answer: B,C 

Explanation: 

In this question, users are forced to change their passwords every six weeks. However, they are able to change their password and enter the same password as the new password. 

Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords. 

When a user is forced to change his password due to a maximum password age period expiring, (the question states that the network requires that the passwords be changed every six weeks) he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days. 

Q7. The practice of marking open wireless access points is called which of the following? 

A. War dialing 

B. War chalking 

C. War driving 

D. Evil twin 

Answer:

Explanation: 

War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot. 

Q8. A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements? 

A. A mirrored striped array with parity 

B. A mirrored mirror array 

C. A striped array 

D. A striped array with parity 

Answer:

Explanation: 

Q9. The public key is used to perform which of the following? (Select THREE). 

A. Validate the CRL 

B. Validate the identity of an email sender 

C. Encrypt messages 

D. Perform key recovery 

E. Decrypt messages 

F. Perform key escrow 

Answer: B,C,E 

Explanation: 

B: The sender uses the private key to create a digital signature. The message is, in effect, signed 

with the private key. The sender then sends the message to the receiver. The receiver uses the 

public key attached to the message to validate the digital signature. If the values match, the 

receiver knows the message is authentic. 

C: The sender uses the public key to encrypt a message, and the receiver uses the private key to 

decrypt the message. 

E: You encrypt data with the private key and decrypt with the public key, though the opposite is 

much more frequent. 

Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic 

protocols based on algorithms that require two separate keys, one of which is secret (or private) 

and one of which is public. Although different, the two parts of this key pair are mathematically 

linked. 

Q10. Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to? 

A. PAP, MSCHAPv2 

B. CHAP, PAP 

C. MSCHAPv2, NTLMv2 

D. NTLM, NTLMv2 

Answer:

Explanation: 

PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol.